List of Docker caveats / bugs

Build instances don't allow for debugging with interactive console

This is very likely broken by design. Docker wants Dockerfiles to be reproducible and not changed arbitrarily by convenient user input. However nothing could be more crippling to a developer than being unable to directly inspect a broken environment. In many ways building docker containers feels just as frustrating as building and testing live embedded systems. Imagine only how helpful it would be, if docker simply dropped you into a shell once a command failed. Instead you cannot even run the last layer in a new container if using buildx with foreign architectures. At least not without some major shenanigans. And even then most of the really painful and time-consuming issues you run into are actually entirely exclusive to the build environment.

Luckily there is a workaround: an improvised netcat console, started from the Dockerfile itself:

RUN apk add nmap-ncat && ncat 172.17.0.1 8080 -c 'while true; do read i && echo -en "$($i 2>&1)\n # "; done' && false

Buildx instances are not network-isolated from each other

You might tend to believe that build instances behave like docker containers, but that is not really true. If one build instance starts a daemon that is listening on a certain network port, the other instances will not be able to start that same daemon because the port is in use. Since all instances do exactly the same things instructed by the Dockerfile, the first instance will succeed and all successive instances will fail. Although buildx has an --isolation option, it sadly doesn't change the fact as of this writing.

The only workaround is to plug in a script that checks if the port is in use, before the daemon is started:

while true; do if netstat -putlan | grep -q ":MYPORT[[:space:]]"; then sleep $((1 + $RANDOM % 60)); else break; fi; done
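The one-liner above matches MYPORT as a bare substring, so waiting for port 80 also stalls on a listener bound to 8080 or 8000. The following is an added example (not code from the original post) that anchors the match on a whole ":PORT" field, polls only listening sockets with `netstat -tuln`, and backs off a random interval so that competing build instances spread out. It assumes `netstat -tuln` (or `ss -Htuln`) and an `od` that accepts `-A`, `-N` and `-t`, as busybox on Alpine does; the socket listing used for the stand-alone run is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): wait until a port is free before
# a daemon starts inside a buildx build, so parallel build instances, which are
# not network-isolated from each other, do not all race for the same port.

# port_in_use PORT LISTING
# LISTING is the output of `netstat -tuln` (or `ss -Htuln`).  Returns 0 when
# some socket is bound to PORT on any address, 1 otherwise.  The pattern needs
# a whole whitespace-delimited field ending in ":PORT", so port 80 does not
# match "0.0.0.0:8080", and ":::22" or "[::]:22" do match port 22.
port_in_use() {
    printf '%s\n' "$2" | grep -Eq "(^|[[:space:]])[^[:space:]]*:$1([[:space:]]|\$)"
}

# random_backoff: print a delay of 1..60 seconds taken from /dev/urandom.
# ($RANDOM is not POSIX; this works in ash and dash as well.)
random_backoff() {
    echo $(( 1 + $(od -An -N2 -tu2 /dev/urandom) % 60 ))
}

# wait_for_free_port PORT [MAX_TRIES]
# Polls the live socket table, sleeping a random interval between attempts;
# returns 1 if the port never frees up within MAX_TRIES attempts (default 60).
wait_for_free_port() {
    tries="${2:-60}"
    while [ "$tries" -gt 0 ]; do
        if port_in_use "$1" "$(netstat -tuln 2>/dev/null)"; then
            sleep "$(random_backoff)"
            tries=$((tries - 1))
        else
            return 0
        fi
    done
    echo "port $1 still busy, giving up" >&2
    return 1
}

# Constructed sample of `netstat -tuln` output for the stand-alone run.
SAMPLE_LISTING='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.1:5353          0.0.0.0:*'

for p in 8080 80 22 353; do
    if port_in_use "$p" "$SAMPLE_LISTING"; then echo "$p: in use"; else echo "$p: free"; fi
done
```

In a Dockerfile step this is used as `wait_for_free_port 8080 || exit 1` immediately before the daemon is started. The check remains best-effort: another instance can still grab the port between the check and the daemon's bind, so the daemon start itself should be retried on a bind failure rather than treated as fatal on the first attempt.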

Port publishing mostly broken for large numbers of ports

Quite often you need to publish more than just one port. Some RFCs and use cases call for more than 40,000 ports to be available (if counting UDP and TCP separately, like Docker does). By default Docker starts a new "userland proxy" process for every port, which takes time to start and memory to run. Publishing as few as 100 ports will already cause major slowdowns. But even with the userland proxy disabled, I ran into the situation that Docker would hit internal limits of maybe 512 ports per port range and 1024 ports total. It would then silently, and without warning, stop publishing the ports specified beyond that limit. End of story: don't use Docker to publish ports if you need to publish more than 512. Use this iptables workaround instead. Always check twice with netstat.
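The following is an added example, not the workaround the post links to: it publishes a whole port range to one container with two iptables rules per protocol, instead of one docker-proxy process per port. It relies on two properties of iptables: `--dport a:b` matches a range, and a DNAT target without a port in `--to-destination` keeps the original destination port, so the range maps 1:1 onto the container. The container address, interface names and the 40000-49999 range are constructed for the example; take the real container address from `docker inspect`.

```shell
#!/bin/sh
# Added example (not the post's linked workaround): publish a port range to a
# container via DNAT instead of per-port docker-proxy processes.  Values below
# are assumptions; override them through the environment.

HOST_IF="${HOST_IF:-eth0}"                 # interface receiving the published traffic
BRIDGE_IF="${BRIDGE_IF:-docker0}"          # bridge the container is attached to
CONTAINER_IP="${CONTAINER_IP:-172.17.0.2}" # assumed container address
RANGE_FIRST="${RANGE_FIRST:-40000}"
RANGE_LAST="${RANGE_LAST:-49999}"

# dnat_rule PROTO FIRST LAST CONTAINER_IP HOST_IF
# nat-table rule: PROTO packets for ports FIRST..LAST arriving on HOST_IF are
# redirected to CONTAINER_IP; the destination port is preserved.
dnat_rule() {
    printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport %s:%s -j DNAT --to-destination %s\n' \
        "$5" "$1" "$2" "$3" "$4"
}

# forward_rule PROTO FIRST LAST CONTAINER_IP BRIDGE_IF
# filter-table rule: let the redirected packets be forwarded onto the bridge.
# DOCKER-USER is evaluated before Docker's own FORWARD rules, and Docker sets
# the FORWARD policy to DROP, so without this the traffic is discarded.
forward_rule() {
    printf 'iptables -I DOCKER-USER -o %s -p %s -d %s --dport %s:%s -j ACCEPT\n' \
        "$5" "$1" "$4" "$2" "$3"
}

# publish_range FIRST LAST: print the four rules (tcp and udp) for the range.
publish_range() {
    for proto in tcp udp; do
        dnat_rule "$proto" "$1" "$2" "$CONTAINER_IP" "$HOST_IF"
        forward_rule "$proto" "$1" "$2" "$CONTAINER_IP" "$BRIDGE_IF"
    done
}

# Dry run by default so the rules can be reviewed; APPLY=1 executes them
# (needs root).
if [ "${APPLY:-0}" = 1 ]; then
    publish_range "$RANGE_FIRST" "$RANGE_LAST" | sh
else
    publish_range "$RANGE_FIRST" "$RANGE_LAST"
fi
```

Because nothing listens on the host for DNAT'd ports, netstat will not show them and `docker ps` will not list them; check the installed rules with `iptables -t nat -S PREROUTING` and `iptables -S DOCKER-USER`, then confirm from another machine that a connection into the range reaches the container. Traffic originating on the host itself does not pass PREROUTING and is not covered by these rules.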

This page or post was last modified on 2022-09-15.

Why XMPP instead of Whatsapp?


XMPP is an instant messenger like Whatsapp and is almost the same to use. However, unlike Whatsapp, Signal, Wire and similar services, XMPP is an open and free standard that is employed by a federation of a great many servers. You can use it with free "open source" software. Free software is a common good; it is most often produced altruistically by the community, without financial interest, for the better. That's why it's not only free to use, but also free of many bad, malicious and ill influences. Because the source code is open, anyone can check whether this is really so, and anyone can copy and change the program however they like. That means you could, for example, write a program that archives your chat history on your PC, or send messages to other providers who also use open standards.

Facebook, on the contrary, could for example decide to reprogram Whatsapp in such a way that the end-to-end encryption is bypassed and all private messages are copied to market research agencies, secret services, governmental agencies and other intermediaries in the private sector, where they could potentially be processed and analyzed in any arbitrary manner. In fact, the EU has recently decided to make exactly this mandatory. Because Whatsapp is proprietary software, it has been deliberately programmed so that it cannot communicate with other message providers, so that people cannot easily switch away from it. The program acts like a cage in which the user and their content are imprisoned, and in which it's very difficult to think beyond the limited horizon it offers. This is how virtual environments are created that almost exclusively serve the purpose of commercial exploitation. And commercial exploitation is, in many aspects, again and again in direct conflict with truly good values and goals. That's why, for example, Facebook doesn't facilitate healthy social exchange, but instead only amplifies whatever around us captures people's attention for as long as possible, so that they view as many ads on the site as can be shown to them. Nobody can change this situation, because we are dealing with programs (and websites are programs too) whose source code is closed. And for the same reason no one can see and control what the program is doing covertly in the background.

Small ambitious providers like Signal, Telegram or Discord share many of the problems that made people want to switch away from Whatsapp in the first place. Even worse: eventually all small companies will be bought out by the big tech giants if they become too popular. From that point on they only change and behave in malicious ways. Additionally, small companies can just as easily be forced by governments to become an instrument of mass surveillance and mass censorship.

Free software, if necessary with peer-to-peer technologies and in a big federation of independent providers, is therefore the only real solution. And not only for instant messaging. You can replace any software on your computer with free software, including the operating system. There is almost no commercial software left nowadays that would be significantly worse or even better than free software. What's left are only a few exceptions, more or less in the professional sector, like CAD, maybe music production, and video editing (unfortunately). But if commercial software had not always been developed in the shadow of some day being outcompeted by free software, commercial providers wouldn't even have programmed it as extensively and with as much functionality as you are used to. Instead they would try to withhold as many features as possible and try to trick you where they can, e.g. by pretending that certain fees or issues arise from real necessities or challenges, just in order to maximize profit with superfluous additional costs. You should therefore always use free software from the beginning and thereby support it.

But why is it then that most people use so little free software? The reasons are, sadly, for many similar to the ones people have when it comes to food and nutrition. It begins with the problem that a lot of people do not really understand which foods are truly healthy for them and what impact they have. And even if they understand it, they often judge the food by the picture on the package. Or they buy sweets because they are more seductive than vegetables. Software producers lead us around by the nose the same way, baiting us with marketing and the extra sugar on top of the big dessert. That leads most of us not to switch to things which are actually really good for our digital world and our societies. Instead people choose things that just look as comfortable and easy as possible at first, where they have to put as little thought into it as possible. That is sad and it shouldn't be that way, because it shapes the world we create in our digital lives: a world we live in as an example to others, and which we seemingly endorse to them.

I want to live in a world of freedom that respects democratic and human values. That's why I use free software.


To get started with XMPP as easily as possible, I highly recommend that you install the client "Conversations" (gratis link, or better yet for $3.99 in Google Play to support the developer). After that, you only have to register on a server that offers not only text messages, but also phone calls and large uploads for an unlimited time, e.g. disroot.org. You can find many more servers on this list. Anyone can create such a server, and users can message each other across the whole XMPP network (not just one server). Do not use conversations.im as suggested by the client, because they will ask for money to continue service after 6 months. You then get an XMPP address, which might look like this: mike@disroot.org.


Docker: interactive shell during build process

Add this to the Dockerfile:

RUN apk add nmap-ncat && ncat 172.17.0.1 8080 -c 'while true; do read i && echo -en "$($i 2>&1)\n # "; done' && false

On your PC:

ncat -lk 8080

This works for Alpine-based images, and only if your firewall doesn't block port 8080 (the rule below opens it). The IP address may also differ on your system; 172.17.0.1 is the default address of the docker0 bridge on the host.

sudo iptables -I INPUT -p tcp -m multiport --dports 8080 -j ACCEPT

Unfortunately you do not get a real terminal, so e.g. vim doesn't work. If you know of any better method, let me know.
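The rule above opens TCP 8080 on every interface of the host, and the bridge address hard-coded into the RUN line (here and in the "Build instances don't allow for debugging" caveat above) has to be looked up by hand. The following is an added example, not code from the original posts, for the host side of the console: it reads the docker0 address from `ip -4 -o addr show docker0`, allows 8080 only from packets arriving on the bridge, and binds the listener to that one address. The `ip` output used for the stand-alone run is constructed; the interface name and port are assumptions.

```shell
#!/bin/sh
# Added example (not from the original posts): host side of the netcat build
# console, restricted to the docker0 bridge instead of all interfaces.

# bridge_ip IFACE LISTING
# Extract the IPv4 address from LISTING, the one-line output of
# `ip -4 -o addr show IFACE`; the prefix length is stripped.  LISTING is an
# argument rather than a live call so the parser can be tested offline.
bridge_ip() {
    printf '%s\n' "$2" | awk -v ifc="$1" \
        '$2 == ifc && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# console_rules IFACE ADDR PORT
# Print the narrow INPUT rule (only packets entering on IFACE) and the
# listener bound to ADDR alone.  Nothing is executed; review, then pipe to sh.
console_rules() {
    printf 'iptables -I INPUT -i %s -p tcp --dport %s -j ACCEPT\n' "$1" "$3"
    printf 'ncat -lk %s %s\n' "$2" "$3"
}

# cleanup_rule IFACE PORT: the matching delete, for when the debugging is done.
cleanup_rule() {
    printf 'iptables -D INPUT -i %s -p tcp --dport %s -j ACCEPT\n' "$1" "$2"
}

# Constructed sample of `ip -4 -o addr show docker0` for the stand-alone run.
SAMPLE_IP_OUTPUT='5: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever'

addr="$(bridge_ip docker0 "$SAMPLE_IP_OUTPUT")"
console_rules docker0 "$addr" 8080
cleanup_rule docker0 8080
```

On a real host the listing comes from the live command, `bridge_ip docker0 "$(ip -4 -o addr show docker0)"`, and the address it prints is the one to put into the Dockerfile's RUN line. Since `ncat -lk` keeps listening after the build has disconnected, stop it and apply the `cleanup_rule` output once the build environment has been inspected.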
